PE-8: VISITOR ACCESS RECORDS

TAILORED FOR INDUSTRIAL CONTROL SYSTEMS

• ICS Control Baselines:

• Low
• Moderate
• High

• a. Maintains visitor access records to the facility where the information system resides for [Assignment: organization-defined time period]; and
• b. Reviews visitor access records [Assignment: organization-defined frequency].

SUPPLEMENTAL GUIDANCE

Visitor access records include, for example, names and organizations of persons visiting, visitor signatures, forms of identification, dates of access, entry and departure times, purposes of visits, and names and organizations of persons visited. Visitor access records are not required for publicly accessible areas.

ICS SUPPLEMENTAL GUIDANCE

No ICS Supplemental Guidance.

CONTROL ENHANCEMENTS

PE-8 (1) VISITOR ACCESS RECORDS | AUTOMATED RECORDS MAINTENANCE / REVIEW

• ISC Control Baseline:

• High

The organization employs automated mechanisms to facilitate the maintenance and review of visitor access records.

Supplemental Guidance: NONE

No ICS Supplemental Guidance.

PE-8 (2) VISITOR ACCESS RECORDS | PHYSICAL ACCESS RECORDS

[Withdrawn: Incorporated intoPE-2].

REFERENCES:

• NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY